module
Titan FTP Administrative Password Disclosure
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
On Titan FTP servers prior to version 9.14.1628, an attacker can
retrieve the username and password for the administrative XML-RPC
interface, which listens on TCP Port 31001 by default, by sending an
XML request containing bogus authentication information. After sending
this request, the server responds with the legitimate username and
password for the service. With this information, an attacker has
complete control over the FTP service, which includes the ability to
add and remove FTP users, as well as add, remove, and modify
available directories and their permissions.
retrieve the username and password for the administrative XML-RPC
interface, which listens on TCP Port 31001 by default, by sending an
XML request containing bogus authentication information. After sending
this request, the server responds with the legitimate username and
password for the service. With this information, an attacker has
complete control over the FTP service, which includes the ability to
add and remove FTP users, as well as add, remove, and modify
available directories and their permissions.
Author
Spencer McIntyre
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.